40 Linux Kernel CVEs in March 2022
Full month · Source: NIST NVD
In March 2022, 40 Linux kernel CVEs were published, sourced from the NIST National Vulnerability Database. Of these, 21 were rated High severity and 18 Medium. 2 vulnerabilities were confirmed as actively exploited in the wild via the CISA KEV catalog: CVE-2022-0492 and CVE-2022-0847. March's 40 CVEs represent 13% of all 2022 Linux kernel CVEs, up from February's 27 (a 48% month-over-month increase).
Actively Exploited CVEs — March 2022
2 Linux kernel CVEs from March 2022 are confirmed as actively exploited in the wild via the CISA KEV catalog: CVE-2022-0492, CVE-2022-0847.
| CVE ID | Severity | CVSS | Published | Description |
|---|---|---|---|---|
| CVE-2022-0492 | High KEV | 7.8 | 2022-03-03 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgr… |
| CVE-2022-0847 | High KEV | 7.8 | 2022-03-10 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper … |

| CVE ID | Package | Severity | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-0435 | linux | High | 8.8 | 2022-03-25 | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with… |
| CVE-2022-27223 | linux | High | 8.8 | 2022-03-16 | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and migh… |
| CVE-2021-4157 | linux | High | 8.0 | 2022-03-25 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way user… |
| CVE-2022-0998 | linux | High | 7.8 | 2022-03-30 | An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost… |
| CVE-2022-1055 | linux | High | 7.8 | 2022-03-29 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escal… |
| CVE-2022-0995 | linux | High | 7.8 | 2022-03-25 | An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This… |
| CVE-2022-0330 | linux | High | 7.8 | 2022-03-25 | A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may … |
| CVE-2022-0500 | linux | High | 7.8 | 2022-03-25 | A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in th… |
| CVE-2021-4197 | linux | High | 7.8 | 2022-03-23 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found … |
| CVE-2022-1011 | linux | High | 7.8 | 2022-03-18 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw all… |
| CVE-2022-0516 | linux | High | 7.8 | 2022-03-10 | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Lin… |
| CVE-2022-0847 | linux | High KEV | 7.8 | 2022-03-10 | A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in co… |
| CVE-2022-26490 | linux | High | 7.8 | 2022-03-06 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTI… |
| CVE-2022-0492 | linux | High KEV | 7.8 | 2022-03-03 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. T… |
| CVE-2021-3715 | linux | High | 7.8 | 2022-03-02 | A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the… |